Configuring user privilege level – H3C Technologies H3C SecPath F1000-E User Manual

| Level | Privilege | Description |
|-------|-----------|-------------|
| 2 | System | Involves commands for service configuration, including routing and commands at each level of the network for providing services. By default, commands at this level include all configuration commands except for those at manage level. |
| 3 | Manage | Involves commands that influence the basic operation of the system and the system support modules for service support. By default, commands at this level involve file system, FTP, TFTP, Xmodem command download, user management, level setting, as well as parameter setting within a system (the last case involves those non-protocol or non RFC provisioned commands). |

Configuring User Privilege Level

User privilege level can be configured by using AAA authentication parameters or under a user
interface.

Configure user privilege level by using AAA authentication parameters

If the user interface authentication mode is scheme when a user logs in, and username and password are needed at login, the user privilege level is specified in AAA authentication configuration.

Follow these steps to configure user privilege level by using AAA authentication parameters:

| To do… | Use the command… | Remarks |
|--------|------------------|---------|
| Enter system view | system-view | |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { aux \| console \| vty } first-num2 [ last-num2 ] } | |
| Configure the authentication mode for logging in to the user interface as scheme | authentication-mode scheme | Required. By default, the authentication mode for VTY and AUX users is password, and no authentication is needed for console login users. |
| Exit to system view | quit | |
| Configure the authentication mode for SSH users as password | For more information, see SSH2.0 Configuration in the Security Volume. | Required if users use SSH to log in, and username and password are needed at authentication |
| Configure the user privilege level by using AAA authentication parameters: using local authentication | Use the local-user command to create a local user and enter local user view. Use the level keyword in the authorization-attribute command to configure the user level. | Use either approach. For local authentication, if you do not configure the user level, the user level is 0, that is, users of this level can use commands with level 0 only. |
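
An added example, not part of the H3C manual: a small Python audit that applies the defaults stated above (user level 0 when none is configured; password for VTY and AUX, no authentication for console) to a saved configuration. The sample configuration is constructed, and its layout (unindented section headers, indented settings) is an assumption about the device's configuration output; the function names are hypothetical.

```python
import re

# Constructed sample. The layout (section header in column 0, indented
# settings, "#" separators) is an assumption about the saved configuration.
SAMPLE_CONFIG = """\
#
local-user admin
 authorization-attribute level 3
local-user operator
#
user-interface console 0
user-interface vty 0 4
 authentication-mode scheme
user-interface aux 0
#
"""

def audit(config):
    """Return (users, lines): effective level per local user and effective
    authentication mode per user interface, using the defaults from the table."""
    users, lines, section = {}, {}, None
    for raw in config.splitlines():
        if raw.startswith(("local-user ", "user-interface ")):
            kind, name = raw.split(None, 1)
            name = name.strip()
            section = (kind, name)
            if kind == "local-user":
                users[name] = 0  # level not configured -> level 0
            else:
                # VTY/AUX default to password; console needs no authentication
                # ("none" is this script's label for that default)
                lines[name] = "none" if name.startswith("con") else "password"
        elif raw.startswith(" ") and section:
            m = re.match(r"authorization-attribute\b.*\blevel (\d+)", raw.strip())
            if m and section[0] == "local-user":
                users[section[1]] = int(m.group(1))
            m = re.match(r"authentication-mode (\S+)", raw.strip())
            if m and section[0] == "user-interface":
                lines[section[1]] = m.group(1)
        else:
            section = None  # separator or unrelated section
    return users, lines

def findings(config):
    """Interfaces whose mode is not scheme (the AAA level does not apply), plus level-3 users."""
    users, lines = audit(config)
    out = [f"{n}: mode {m}, level not taken from AAA" for n, m in lines.items() if m != "scheme"]
    out += [f"{u}: manage level (3)" for u, lvl in users.items() if lvl == 3]
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG)))
```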